The tech giant confirmed the vulnerability last week after security researchers at Sangfor accidentally sent out the proof-of-concept (PoC) exploit code. In doing so, the researchers effectively enabled bad actors to carry out remote code execution attacks to gain system-level privileges.
Microsoft has now issued out-of-band security updates to fix the flaw, which has been given the number CVE-2021-34527 and been deemed “critical” in nature.
The company is issuing updates for Windows 10, Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, and Windows RT. In yet another indication that Microsoft sees the flaw as a major problem, a patch is also being issued for Windows 7 -- an operating system that Microsoft stopped supporting last year.
“We recommend that you install these updates immediately,” says Microsoft. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”
Security updates for Windows Server 2012, Windows Server 2016, and Windows 10 Version 1607 “will be released soon,” Microsoft said.